hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor Security.CWE.CWE-611 Xxe queries

Browse Source
This commit is contained in:
Ed Minnix
2023-03-15 14:35:36 -04:00
parent 80012b190d
commit 271d50ba99
4 changed files with 36 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
View File

@@ -8,7 +8,7 @@ private import semmle.code.java.security.XxeQuery
/**
* A taint-tracking configuration for unvalidated local user input that is used in XML external entity expansion.
*/
class XxeLocalConfig extends TaintTracking::Configuration {
deprecated class XxeLocalConfig extends TaintTracking::Configuration {
XxeLocalConfig() { this = "XxeLocalConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
@@ -21,3 +21,17 @@ class XxeLocalConfig extends TaintTracking::Configuration {
any(XxeAdditionalTaintStep s).step(n1, n2)
}
}
private module XxeLocalConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
predicate isSink(DataFlow::Node sink) { sink instanceof XxeSink }
predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof XxeSanitizer }
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
any(XxeAdditionalTaintStep s).step(n1, n2)
}
}
module XxeLocalFlow = TaintTracking::Make<XxeLocalConfig>;

16
java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll
View File

@@ -8,7 +8,7 @@ private import semmle.code.java.security.XxeQuery
/**
* A taint-tracking configuration for unvalidated remote user input that is used in XML external entity expansion.
*/
class XxeConfig extends TaintTracking::Configuration {
deprecated class XxeConfig extends TaintTracking::Configuration {
XxeConfig() { this = "XxeConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
@@ -21,3 +21,17 @@ class XxeConfig extends TaintTracking::Configuration {
any(XxeAdditionalTaintStep s).step(n1, n2)
}
}
private module XxeConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
predicate isSink(DataFlow::Node sink) { sink instanceof XxeSink }
predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof XxeSanitizer }
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
any(XxeAdditionalTaintStep s).step(n1, n2)
}
}
module XxeFlow = TaintTracking::Make<XxeConfig>;